Surveillance technology is a growth area. It is becoming increasingly
sophisticated, affordable, and available. It is no wonder in such circumstances
that more and more employers are choosing to use it to monitor their employees.
And there is a panoply of choice: hidden cameras, key-stroke monitoring, and
Internet activity logs are but a few of the work-place monitoring tools on the
market.

As interest in workplace monitoring gathers momentum, so, too, has Canadian
society’s commitment to personal privacy rights. In 2000, the federal
government brought in the Personal Information Protection and Electronic
Documents Act (PIPEDA), pushing provinces to follow suit by making
the federal statute apply by default in the absence of the introduction of
substantially similar provincial legislation. In British Columbia, the
Legislature responded by passing the Personal Information Protection Act,
in force as of January 1, 2004.

This paper will explore the growing clash between workplace monitoring and
privacy, especially in light of the new privacy legislation in the province. In
particular, it will focus on two case studies: video surveillance and
Internet/e-mail surveillance.

Employers cite the need for video surveillance to prevent and to detect
employee fraud. To that end, employers sometimes hire investigators to videotape
employees perceived to be abusing work-related benefits, such as disability
payments, WCB benefits, or sick leave. Typically, the goal of the investigator
is to prove that the employee under investigation is well enough to return to
work.

In addition, employers commonly view video surveillance as a means to protect
their property. For example, hidden cameras are justified on the basis that they
will prevent certain kinds of crime, like theft or vandalism.

Employee time is seen as employer property as well. While employers will not
typically cite the need to prevent employee’s theft of time as a reason to
install video surveillance equipment in the workplace, they will not hesitate to
use cameras installed for security reasons to discipline employees for taking
extended breaks.

More interestingly, some employers have shown themselves willing to take a
more aggressive stance on the issue. For example, the City of Vancouver hired an
investigator to conduct targeted video surveillance of a specific employee
suspected of doing personal business on company time.

A final rationale for the use of covert video cameras or digital cameras in
the workplace is that the devices promote security. Hospitals, for instance, are
one place where fixed cameras are characterized as a means to provide
"security for both staff and patients".

The promise of video surveillance is that it will capture an
incontrovertible, objective record of events. Such a record, it is thought, will
lay the truth bare. However, many of frailties that plague regular witness
identification evidence pose problems in video surveillance evidence as well.

These frailties were discussed in B.C. Transit and Independent Canadian
Transit Union, Local 2, [1999] B.C.C.A.A.A. No. 148. This was a grievance in
which the grievor sought reinstatement after having been terminated for theft.
The employer had justified his termination on the basis of video tape evidence
which it claimed showed the grievor as the thief. No less than six witnesses
identified the grievor from video surveillance tapes as the suspected thief,
including the Supervisor of Physical Security for B.C. Transit, who had been a
member of the R.C.M.P. for eight years. A seventh said he would have identified
the suspect as the grievor had he been shown only the third video tape put to
him. The employer also called the Co-ordinator of the Forensic Video Unit of the
Vancouver Police Department as a "trained observer". This witness said
that after observing the grievor walk into the building where the grievance was
being heard, "the consistencies were very strong" between the gait of
the grievor and the suspect on the video tapes. The video tapes the witnesses
were viewing to identify the suspect had been taken at night, supplemented by an
infra-red illuminator.

The union’s submissions highlighted the problems with identification
evidence, including that taken from video tapes:

¶

111
Counsel submitted that the law has recognized that there are inherent
difficulties and frailties in eye witness identification and the same
concerns apply to identification from video tapes. Some
principles may be derived from the authorities, such as Regina vs.
Edwardson (1999), 79
C.C.C. (3d) 508 (B.C.C.A.)
at 7, 9-11, and Regina vs. Todish (1985), 18
C.C.C. (3d) 159 (Ont C.A.) at
2-3 as follows:

- Because of the inherent frailties of eye
witness identification, Courts and tribunals have exercised caution
when dealing with such evidence.

- A mistaken witness can be a convincing
one, and a number of witnesses can be mistaken.

- The degree of caution varies with the
amount of distinct and independent evidence in support.

- Inherent frailties arise from the
psychological fact of human observation and recollection being
unreliable.

- The possibility of error is not limited to
witnesses whose credibility is suspect.

- The need for caution is increased where
there is a specific denial by the person accused of misconduct.

- Great care should be exercised to avoid a
miscarriage of justice.

¶

112 Here the Union was not suggesting any form of
conspiracy or that witnesses such as Messrs. Yuen, Louie or Harper are
dishonest or liars. This was a case of a number of people being convinced of
their mistaken conclusions.

¶

113 Counsel for the Union
submitted that from established law as to identification of a wrongdoer
through video tape evidence, certain principles should be drawn and applied:

- the degree of clarify and quality of the
tape, the length of time the person appears, are matters which go to
the weight of the evidence.

After viewing a portion of a video tape tendered by the Union, taken during
the day and clearly depicting the grievor in the same work area, the arbitrator
concluded at para. 140 of the award that the images of the suspected thief
relied on by the employer were not similar to the images taken of the grievor
during the day. He found, not surprisingly, that the employer had failed to meet
the exacting onus of clear and cogent evidence to justify placing a senior
employee’s career in jeopardy.

Superimposed over the regular concerns tribunals and courts have with
identification evidence are issues of reliability. Surveillance video or
digitally captured images may be of poor quality, incomplete, or improperly
handled.

The problem of the honest but mistaken witness in B.C. Transit, supra, was
exacerbated by the poor quality of the video tape evidence. Arbitrator McDonald
wrote in para. 132 that the tapes were "…not of good clarity, the images
of the thief were of limited resolution and there were no distinct facial
features of the thief recorded."

A similar problem arose in British Columbia v. BCGSEU (Henry
Grievance) (1999), 82 L.A.C. (4th) 382 (Lanyon, Q.C.) where a
hidden camera was installed to catch a petty thief who also operated under the
cover of night. There was only one light illuminating the evening scene that the
camera was set to record, and the images captured on the videotape were
"snowy". In addition, the videotapes had deteriorated over time.
Ultimately, the arbitrator ruled the tapes were admissible, unlike in the
earlier criminal proceeding. However, critical to this decision was the fact
that the grievor had identified himself on one of the tapes: para. 40.

Another reliability issue in regard to video surveillance evidence relates to
camera coverage. In the Henry Grievance, supra, for instance, the
angle of the camera was such that it did not show the Flying Club’s cash
drawer or the suspect’s hands. The evidence was, therefore, circumstantial
only. In Canada Safeway Ltd. v. United Food and Commercial Workers Union,
Local 1518 (Varley Grievance), [2003] B.C.C.A.A.A. No. 135, Award No.
X-027/03 (McConchie), the security cameras only covered certain areas of the
store. The Union argued that the recorded images were unreliable because they
did not always have both Mr. Varley and Mr. Huesmann completely in view. The
Union argued that the alleged assault of Mr. Varley by Mr. Huesmann could have
taken place out of the range of the security cameras. The arbitrator in Safeway
admitted the digital images into evidence but concluded at para. 96 the
recordings were of "limited value". The arbitrator wrote at para. 123:

Although…the Employer may have felt that the recordings would put the
matter of culpability beyond doubt, they have not had that effect. That is
because the recordings do not, in fact, contradict [the grievor’s] story…This
leaves the issue squarely where it might have been even without the
admission of the tapes: what is the credibility of these witnesses?

The union, in Safeway, supra, also argued that the images
captured by the store’s security cameras were unreliable and, therefore,
inadmissible in the arbitral proceeding because of the temporal gaps inherent in
them. To explain, the technology at issue was not traditional video cameras but
rather motion activated digital cameras that recorded three images every two
seconds when something was moving within their range. If the cameras were
inactive, it could take up to six seconds for them to begin recording once they
detected movement. The union characterized the digital recordings as a
"slide show". Arbitrator McConchie stated at para. 93: "There is
no question that there is a much greater potential for ‘gaps’ in the digital
recordings because of their slower speed. Greater care must be taken to ensure
that too much is not read into a digital sequence." He agreed with the
union that there was "…a distinction to be made between these types of
digital recordings and videotape recordings." Nevertheless, he admitted the
images into evidence, although according them little weight.

In Safeway, supra, the union also argued at para. 80 that the digital
images from the store’s security cameras had no probative value because "…the
Employer arbitrarily selected the data it would rely upon when it transferred
data from the in-store computer to the investigator’s laptop computer".
The security investigator checked into the alleged assault by accessing the
digital images captured from the cameras from the supermarket’s hard drive.
Using a special computer program, he then transferred the data to his laptop.
However, because digital images take up large amounts of memory, he saved only
those images in which both the grievor and Mr. Huesmann appeared in camera view
at the same time. The union’s position was that by editing the images in this
way, the employer destroyed potentially probative evidence. It argued at para.
80 that because this data was destroyed at an early stage of the investigation,
it did not have an opportunity to review "…this data to determine if
fairness required its inclusion".

Arbitrators have long grappled with the need to balance employee privacy
rights against the use of video surveillance or closed circuit television
systems. The comments of Arbitrator Ellis from 25 years ago, in the Puretex
Knitting Ltd. and Textile and Chemical Union (1979), 23 L.A.C. (2d) 14 at
29-30 remain relevant today:

In the use of electronic surveillance, it is apparent that we confront
conflicting social values of considerable importance. There is, on the one
hand, the principle of the right to privacy and beyond that, the more
general idea, of which the right to privacy is only one facet, of the
crucial importance of preserving and nurturing the historically fragile
concept of human dignity…On the other side of the issue are simply
considerations of efficiency in dealing with social problems.

Over time, several arbitral tests have emerged, the content and application
of which depend on the nature of the video surveillance at issue. Broadly
speaking, arbitrators are faced with three different categories of video
monitoring cases:

specific video surveillance o

f an employee that is covert (e.g.
an employer who hires a private investigator to follow and videotape
surreptitiously an employee who is off work on some kind of sick leave or
disability leave);

general video monitoring

that is covert (e.g. an employer
installs a hidden camera in the workplace to catch a thief); and

general video monitoring

that is overt (e.g. an employer
installs visible security cameras in the workplace).

Arbitrator Vickers (now Vickers J.) penned what would become the widely
accepted test to be applied cases of video surveillance of specific employees in
Re Doman Forest Products Ltd. and New Westminister Division and International
Woodworkers, Local 1-357 (1990), 13 L.A.C. (4th) 275:

Was it reasonable, in all of the circumstances, to request a surveillance?

Was the surveillance conducted in a reasonable manner?

Were other alternatives open to the company to obtain the evidence it
sought?

In subsequent rulings, arbitrators have come to consider the third branch of
the test as more properly a part of the first. Thus, the test applied by
Arbitrator Sullivan in Vancouver (City) v. CUPE, Local 15, [2003]
B.C.C.A.A.A. No. 86, Award No. A-030/03 was:

Was it reasonable, in all of the circumstances, to request a surveillance,
including whether there were other alternatives open to the Company?

The Vickers test is not, however, universally applied in the second category
of grievances, that is, where the employer uses a general video surveillance
system that surreptitiously tapes activities at the workplace. In fact, a review
of arbitral jurisprudence reveals that there is no consensus about the test to
apply to this category of case.

Arbitrators Glass and Taylor in Extra Foods v. United Food &
Commercial Workers International Union, Local 1518, [2002] B.C.C.A.A.A. No.
377, Award No. X-082/02 and X v. Y (Z Grievance), [2002] B.C.C.A.A.A. No.
292, Award No. A-214/02 both used the Vickers test as the starting point of
their analysis of whether videotape evidence taken from a hidden stationary
camera installed to catch a meat thief ought to be excluded for violating the
employees’ privacy.

Arbitrator Lanyon Q.C. favoured a completely different approach in British
Columbia v. British Columbia Government and Service Employees’ Union (Henry
Grievance) (1999), 82 LA.C. (4th) 382, one which focused solely
on the relevancy and the reliability of the evidence. The issue of the grievor’s
privacy rights appear not to have been argued or considered.

In the Henry Grievance, the president of the Abbotsford Flying Club
installed a hidden camera to deal with problems of petty theft. Mr. Henry, a
Commercial Transport Inspector at the Motor Vehicle Branch, was not employed by
the Flying Club but used its facilities. On two occasions when money went
missing, there was videotape showing a man thought to be Mr. Henry in front of
the cash drawer. His hands and the cash drawer itself were not visible because
of the camera angle. The Flying Club forwarded the tapes to the police, at which
point Mr. Henry was charged with two counts of theft under $5,000. The tapes
were excluded at the criminal trial because the Flying Club’s president could
not identify other people shown on the tape, the quality of which was admittedly
"snowy". The same tapes made their way to the employer, who dismissed
Mr. Henry.

At the hearing of the disciplinary grievance, Arbitrator Lanyon, Q.C.
admitted the video tapes, reasoning:

at the arbitral hearing, the other persons on the tape were identified (para.
39);

the grievor identified himself on one of the tapes in question (para. 40);
and

the grievor stated that the copy of the tape produced for him accurately
reflected the original tape (para. 41).

Yet another analysis was put forth in Unisource Canada Inc. v.
Communications, Energy and Paperworkers’ Union of Canada, (CEP), Local 433,
[2003] B.C.C.A.A.A. No. 309, Award No. A-209/03 (Kelleher). In this case, the
union launched a grievance in relation to nine security cameras ostensibly
installed by the employer to prevent theft, vandalism and to improve workplace
security. Arbitrator Kelleher stated that the appropriate test for surreptitious
surveillance is that taken from St. Mary’s Hospital and H.E.U. (1997),
64 LA.C. (4th) 282 (Larson) at para. 48, namely that such covert
monitoring can only be justified where:

there is a substantial problem;

there is a strong possibility that surveillance will be effective; and

An entirely different analysis is applied in disciplinary grievances which
involve general security systems installed with the knowledge of employees. An
award that illustrates the dominant test applied in this final category of video
monitoring cases is Canada Safeway Ltd. v. United Food and Commercial Workers
Union, Local 1518 (Varley Grievance), [2003] B.C.C.A.A.A. No. 135.
Arbitrator McConchie wrote at para. 91 of the award: "…the real test for
the introduction of surveillance evidence of this kind (namely, from a known
security system as opposed to from the specific surveillance of an employee in
particular circumstances) is one of relevance of the facts depicted on the
tape."

At issue in Safeway was whether one employee was lying when he claimed
that his co-worker had struck him in the face during a dispute. The employer
sought to introduce a series of digital images taken from the store’s visible
security cameras to justify its decision to dismiss the grievor.

Clearly, the broad relevancy test used in Safeway is much more lenient
than those posited in decisions such as St. Mary’s or Doman that
consider the issue of the reasonableness of surveillance.

Arbitrators may admit covert video surveillance taken of an employee outside
of the workplace. Such evidence is more likely to be considered reasonable if
it is conducted while the grievor is in a public place. A public place,
however, can be steps outside an employee’s house.

Even where the video taped evidence taken by the investigator of the
specific employee is made outside normal working hours, arbitrators may
still determine that it is reasonable to admit it.

Evidence from cameras installed for a specific purpose (e.g. to catch a
meat thief) but which inadvertently gather related images (e.g. theft of
bulk food) may be used to discipline or terminate employees.

Data taken from cameras installed for one distinct purpose (e.g. security)
may be admissible for a completely different purpose (e.g. disciplinary
proceedings).

Video surveillance in the workplace is more likely to be considered
reasonable if it targets "public areas" such an entrances and
exits rather than private ones such as washrooms, change rooms or
lunchrooms.

Finally, awards such as Safeway, Nanaimo General Hospital, and Vancouver
General Hospital, suprae, suggest that if employees are aware of a
general security system in place and if their union does not oppose such a
system, later objections, such as at disciplinary grievances, will not be
upheld on the basis of employee privacy concerns.

As has been demonstrated, arbitrators have considerable experience balancing
privacy rights against the desire of employers to use video surveillance as a
management tool. However, with the passage of new privacy legislation in the
province, the question becomes how will arbitral jurisprudence differ, in
content as well as in application, from the analysis emerging under new privacy
laws.

One possible point of divergence may arise in situations involving general
video monitoring systems that are known to employees. The arbitral analysis
regarding this kind of evidence is based solely on relevancy. However, the
privacy analysis demands an inquiry into whether the video monitoring was
reasonable.

As Professor Michael Geist points out in his paper, Computer and E-Mail
Workplace Surveillance in Canada: the Shift from Reasonable Expectation of
Privacy to Reasonable Surveillance prepared for the Canadian Judicial
Council in March 2002, one of the limits on surveillance activities under the
federal Personal Information Protection and Electronic Documents Act is
the statute’s reasonableness clause. Such a clause restricts surveillance
activities to those a reasonable person would consider appropriate, making mere
employee consent insufficient to justify unlimited surveillance.

Section 11 of the new British Columbia Personal Information Protection Act
("PIPA")imports the concept of reasonableness. The
provision begins: "Subject to this Act, an organization may collect
personal information only for the purposes that a reasonable person would
consider appropriate in the circumstances…" [emphasis added]

The reasonableness standard is also explicitly incorporated into the PIPA
provisions dealing with the collection, use, and disclosure of employee personal
information: ss. 13, 16, and 19. For example, s. 16(2)(b) states: "An
organization may not use employee personal information without the consent of
the individual unless … (b) the use is reasonable for the purpose of
establishing, managing or terminating an employment relationship between the
organization and the individual." [emphasis added]

Employee knowledge of the existence of video cameras and lack of union
opposition to their installation does not vitiate an employer’s obligation to
ensure that video surveillance is conducted in a reasonable manner. And privacy
commissioners may well have a more stringent notion of what is reasonable. Video
surveillance which is implemented as a preventative measure rather than to deal
with an existing problem may not be reasonable even if it is known to employees
and not objected to by the union. For instance, the federal privacy commissioner
in PIPEDA Case Summary #114 (23 January 2003) concluded that a railway’s
decision to implement a general digital video surveillance system to
"reduce vandalism and theft, liability for property damage, and minimize
threats to staff safety" was an unreasonable intrusion on employee privacy
even though the cameras were known to employees, positioned away from work
areas, and trained on areas of access.

In his decision, the federal privacy commissioner applied the following test:

Is the measure demonstrably necessary to meet a specific need?

Is it likely to be effective in meeting that need?

Is the loss of privacy proportional to the benefit gained?

Is there a less privacy-invasion way of achieving the same end?

His ruling that the use of security cameras violated the federal privacy
statute revolved, in part, around his finding that the incidents of vandalism
were relatively minor, the risk from liability claims unclear, and the actual
threat to security was "in question". In sum, the commissioner
determined that the railway had not demonstrated the existence of a real,
specific problem, only the potential for one, which did not suffice to warrant
the intrusion into employee privacy that the cameras posed.

Another potentially interesting problem is a clash between a term of a
collective agreement and privacy laws. Arbitrators often start their analysis of
whether video tape evidence is admissible by referring to the collective
agreement: see Safeway, supra, at para. 75 and Unisource, supra, at
para. 48. However, language in a collective agreement must be viewed in light of
the reasonableness requirement in the British Columbia privacy statute.

The American case of Cramer v. Consolidated Freightways Inc., 255 F.3d
683 (9th Cir. 2000) is interesting in that regard. In this case, the
employer trucking company installed microphones, hidden cameras, and two-way
mirrors in an employee restroom, ostensibly to detect and deter drug use among
its drivers. One of the drivers accidentally discovered the hidden surveillance
devices, and two employee class action suits followed: one alleging invasion of
privacy and the other for both invasion of privacy and the infliction of
emotional distress.

Counsel for Consolidated Freightways argued that video surveillance was
covered by the collective agreement and, therefore, the employee lawsuits were
statute barred as a result of a federal labour statute, Labor Management
Relations Act, 29 U.S.C., 185. The 9th U.S. Circuit Court of
Appeal rejected this argument, holding that the particular collective agreement
did not contemplate the surreptitious videotaping undertaken by the employer.
The Court remanded the matter to state court.

One of two judges in the majority, Circuit Judge Fisher, went on to write in
Part IV of his reasons that even if the collective agreement had contemplated
the use of hidden surveillance to detect drug use among drivers, such a
provision would not trump California criminal law making the installation and
monitoring of two-way mirrors in restrooms illegal. In his analysis, because a
collective agreement cannot sanction an illegal action, contract terms which
violate state penal law were "irrelevant to the plaintiffs’ claim of
privacy violation."

A further possible divergence between arbitral and privacy analysis may be
what use can be made of inadvertently captured images. Two of the foundational
privacy principles meant to be enshrined in privacy legislation are the
principles of identifying purposes and of limiting use. The principle of
identifying purpose means that an organization must identify a purpose to
justify the collection of personal information at or before the time it begins
to gather that data. The principle of limiting use requires organizations to use
the personal information they have gathered only for the purposes for which it
was collected, absent consent.

These basic privacy principles seem incompatible with arbitral decisions such
as Nanaimo General Hospital and Vancouver General Hospital, suprae, which
conclude that data from cameras established for one purpose (e.g. security in a
hospital) can be used for an entirely different purpose (e.g. disciplinary
grievances).

The federal privacy commissioner’s comments in PIPEDA Case Summary
#114 are illustrative in this regard. In his ruling, the commissioner considered
more than just the digital cameras installed purportedly to deter theft and
vandalism that were the subject of the complaint. He said of the railroad’s
operational system, video cameras used to monitor train movements, the system
was appropriate in the circumstances but nevertheless expressed concern over the
use of information collected from one of the operational systems in a
disciplinary action. He stated that had this incident formed part of the
complaint before him, he would have been "strongly inclined to look upon
such usage with disfavour".

While s. 13 of the new B.C. privacy statute explicitly allows employer to
collect personal information about its employees if collection is reasonable for
the purposes of "establishing, managing or terminating an employment
relationship" without employee consent, it does not address the situation
where personal information collected for one purpose (e.g. security or for
operational reasons) inadvertently captures information relevant to employment
issues.

It may be of interest to know how computer resources are commonly being used
in the workplace. In a recent Ipsos-Reid survey, the following statistics were
gathered with respect to Internet use at work. It is important to note that the
survey did not specify that time at work necessarily meant during hours where
the employee was expected to be working.

Percentage of workers work who admit to using Internet access for
personal reasons

88%

Percentage of online time spent for personal reasons

30%

Below is a table of the percentage of the people surveyed who had done the
following activities via Internet access at work:

Sent and received personal e-mails

70%

Checked news and sports headlines

63%

Comparison shopped for offline purchases

50%

Conducted online banking

41%

Made online purchases

27%

Checked investments

26%

Visited porn sites

9%

Statistics such as these have led to increased web and e-mail monitoring in
the workplace and a corresponding threat to our everyday privacy.

A 2001 study by America Management Association revealed that almost 80%
American companies deploy web-tracking. A more recent study revealed that more
than half of US companies engage in some form of e-mail monitoring and that 22%
of the 1100 companies surveyed had terminated an employee for e-mail misuse.

Yet, aside from watching for illegal activity, one of the world’s largest
private software companies, SAS Institute, does not monitor web use, raising the
question; Is it necessary to monitor employee use for anything other than
illegal usage?

Studies have shown that employee job satisfaction can decrease as a result of
electronic monitoring. In her article, "When Work Morphs into Play: Using
Constructive Recreation to Support the Flexible Workplace", Professor J.
Oravec supports the position that because jobs today demand high levels of
creativity and mental flexibility, use of the Internet and "online
recreation" can assist employees in gaining fresh perspectives that can be
beneficial to an employer. Permitting employees to use the computer for personal
reasons allows them to become more familiar with software and computer
applications. Prof. Oravec says that online recreation can be constructive when
it is "in synch with pending work responsibilities allowing individuals to
use time not consumed by workplace demands in ways that equip them to face
future tasks with greater energy and expanded perspectives." Online
recreation can also serve to sharpen employee’s computer skills that would
otherwise go unused or become stale. These are persuasive reasons for allowing
an employee to use electronic resources freely during down-time in the workday.

Monitoring electronic activity and reviewing the information collected upon
suspicion or indication of illegal usage is reasonable. But is the continuous
collection and review of an employee’s use of electronic resources acceptable
under B.C. privacy laws today?

The issue of monitoring electronic activity in the workplace raises more
questions than answers. A number of these questions will appear, many
unanswered, throughout this paper. The questions are intended to provoke thought
on the issues and on the application

of B.C.’s new private sector privacy legislation, the Personal
Information Protection Act (PIPA). Hopefully, the answers to the questions
raised will become clearer as decisions come from arbitrators, labour boards and
the courts.

This paper will touch upon the rationale and methods of workplace monitoring;
offer suggestions for crafting a PIPA friendly policy; examine whether such a
policy under PIPA adequately protects employees; and review several recent
discipline decisions with an eye to the future application of PIPA.

Employers will offer many reasons for monitoring web and e-mail usage:

to scan for viruses (network security)

to catch policy or security violations

to avoid legal liability (harassment, copyright infringement)

to prevent the company’s reputation or image from being tarnished

to ensure that personal use does not delay or slow down network
connections

for staff evaluation

to keep track of and limit recreational use.

Some of the above reasons are compelling, but the rationale for and methods
of workplace monitoring should not go unchallenged. Although we often hear of
how computer technology has simply created new methods for old offences, that
same technology has also spawned new and effortless ways for employers to
intrude upon an employee’s privacy.

There are many ways that electronic activity can be monitored in the
workplace:

length of an e-mail message

frequency of ingoing and outgoing e-mails

amount of time logged on to the Internet

key word identification

counting keystrokes

frequency of use attachments

blocking software that creates reports

cookies and data files that are kept on the computer’s hardware

programs that log all activity on the company server

freezing downloads

screen shots of the web pages visited

saving transcripts of instant-message conversations.

The list of sniffers and trackers, with names such as SpyAgent, Shadow,
Silent Watch and Sentinel is "unnerving, if not Orwellian."

Fundamental principles of privacy demand that there be limits on when it is
acceptable for employee electronic activity to be monitored. However, employer’s
rights, which seem to directly clash with our developing notions of privacy
rights, cannot be ignored. An employer may argue that the computer is a company
tool and therefore the data created from its use is the employer’s property.
If this is so, does it follow that the use of this property carries no
expectation of privacy? Or are e-mail communications more like personal phone
calls or letters?

To date we have been unable to locate a definitive ruling on who owns
personal e-mail created while at work, or for that matter, the data created from
web usage when surfing on company time. Until PIPA, employee surveillance in the
private sector was essentially unregulated in British Columbia. Determining
whether workplace monitoring was appropriate depended on the nature of the
monitoring, the nature of the activity (work-related or personal), and the
employee’s awareness of the monitoring.

To be deemed lawful, employer’s policies or rules needed to be reasonable
and factors such as the implementation of the policy and whether the policy was
clearly communicated were considered. Obviously, policy played an essential role
in the analysis.

PIPA mandates that an organization develop a policy that meets the
organization’s obligations under the Act. The policy must be reasonable and
the collection, use and disclosure of personal information must be consented to,
either expressly or by implication, in order to be permissible.

The purpose(s) of monitoring should be specific in the policy, for example,
loss of productivity, time theft, protection from liability risks, misuse of the
equipment, or potential virus damage that can be costly to the company. There is
suggestion that "blanket" purposes and random monitoring would not be
acceptable or in compliance with the Act.

Employees should be made aware of the type of data collected; whether it be
keystroke numbers, number of e-mails sent per day, length of the e-mail message,
or cookies and data files that are kept on the computer’s hardware. Further,
the employee should be made aware of the circumstances under which collected
data will be reviewed or used. For example, if the company’s policy is to
routinely monitor and review e-mails for viruses, the policy should say so.

A primary goal of having a policy is to establish acceptable use guidelines.
The policy should stipulate the limits of usage; whether it is that the
electronic resources are strictly for business use or that some personal use is
permitted. A reasonable use policy will be one that conforms to the company’s
purpose and corresponds with the employee’s job duties.

It is important to ensure that users of electronic resources understand that
e-mail communication is subject to the same laws, regulations and policies as
other communications, both written and verbal. In all circumstances, e-mail and
web use should be legal, ethical, and respectful; it must not be harassing,
abusive, threatening or sexual, and it includes jokes, cartoons, attachments and
web links. Providing employees with concrete information upon which they can
judge whether their activity complies with stated policies can be invaluable.

In tandem with implementing a policy, basic web and e-mail training should be
considered. It is a common, and probably costly, mistake to assume a fair degree
of computer and Internet sophistication or savvy. A lot of time and money is
spent on cleaning computers, protecting them from viruses and dealing with
"crashes" due to viruses. An employer should consider training
employees on how viruses are disguised in e-mail communication, how viruses can
be spread via e-mail communication without the awareness of the sender and
certain "red flags" that can be identified with respect to general
e-mail use.

Users should be educated with respect to the types of websites that exist and
what Internet use will result in "alerts". Sometimes the most
innocuous search request will produce strange and unexpected results that could
result in a tag on the search.

Users should be reminded that workplace e-mail addresses are usually
connected to the place of employment and the company’s name often appears in
the sender’s address. The result is that the communication might have the
appearance of coming directly from the company. Would you write a love letter on
company letterhead? Finally, users should be aware that attachments and links,
although not seen on the screen, form a part of the communication.

The risk of discipline should be clear and the range of consequences should
be set out; from letters of reprimand, limitations on use, termination, to
prosecution as a result of illegal usage, including the fact that suspected
violations may be referred to the police. The policy should also include the
possibility of the company taking action against the employee for losses
suffered because of illegal activity or breach of policy.

As a final point, a reasonable policy should include a clause about
incidental and occasional personal use. A policy that prohibits all personal use
is not reasonable or realistic in today’s computerized workplace.

Even though it may not be wise to assume so, there is a general understanding
in Canadian society today about what constitutes acceptable or legal Internet
and e-mail use at work. There is even the understanding that by their very
nature, the security of e-mail communications or privacy of Internet searches is
not guaranteed. However, there is no comparable general understanding of what
level of privacy to expect at the workplace.

Some arbitrators have insisted that electronic surveillance must be sensitive
to the employee’s interests in personal privacy and human dignity and the way
in which and the purposes for which surveillance devices are deployed will play
a part in the analysis of whether an employee’s privacy has been invaded.

What if you are not sending illegal messages, what if you are not surfing the
net during work hours – can you expect that your e-mail communications and
Internet data will not be monitored?

In R v. Weir [1998] AJ No. 155, pornographic e-mail messages and
attachments were seized from Weir’s home computer, when the police were
tipped-off by the Internet service provider that was repairing his computer. The
court determined that e-mail communications over a personal Internet connection
do carry a reasonable expectation of privacy but because of the manner in which
technology is managed, e-mail is vulnerable and the degree of privacy
diminished. The court held that the search warrant and seizure were valid and
that the e-mail evidence was admissible. Weir was convicted.

The issue of privacy in e-mail communications at the workplace is complicated
by the notion that the e-mail message itself may not belong to the employee.

In Treasury Board (Solicitor General Canada – Correction Service) and
Briar (Re), 116 L.A.C. (4th) 418 (Taylor), discussed again at
page 26 of this paper, it was held that in an investigation of e-mail misuse
there was no reasonable expectation of privacy.

Michael Geist, a law professor at the University of Ottawa, suggests that the
rules for workplace surveillance are moving away from an assessment of
"reasonable expectation of privacy toward deciding whether the surveillance
itself is reasonable." The reasonableness clause found in most
private-sector privacy legislation sets a limit on workplace surveillance.

Criteria with respect to how to judge reasonableness hopefully will come with
the developing jurisprudence. In his paper prepared for the Canadian Judicial
Council, Professor Geist puts forth some factors to be considered when
determining reasonableness: the target of the surveillance, its purpose,
alternatives to surveillance, technology and methods used, and the adequacy of
the notice given to employees.

PIPA does signify a shift away from expectation of privacy to reasonable
surveillance, but will its application make any difference?

The focus of PIPA is not on the employment relationship, but it is
nonetheless applicable to the clash between privacy interests and business
interests in the workplace.

Section 2 of PIPA defines its purpose as follows:

The purpose of this Act is to govern the collection, use and disclosure
of personal information by organizations in a manner that recognizes both
the right of individuals to protect their personal information and the need
of organizations to collect, use or disclose personal information for
purposes that a reasonable person would consider appropriate in the
circumstances.

The definition of "personal information" in PIPA is expansive, and
any information in any form that can be attributed to an individual falls within
the definition. E-mail and electronic data should fit into this category.
However, there are exceptions that would leave this information, and indeed all
personal information, vulnerable to collection and inspection beyond that which
might be expected.

The definition of "personal information" specifically excludes
"work product information". Is electronic data created at work an
employee’s work product and therefore not subject to the protection of the
legislation?

PIPA is modeled on, and is supposed to be substantially similar to PIPEDA. In
a paper on workplace privacy, Information and Privacy Commissioner, David
Loukidelis compares the treatment of work product under PIPEDA and based on
federal decisions states that "one could expect that an employee’s work
product, in the sense of information created through one’s employment
activities, would not be considered information "about" the individual
employee within the meaning of PIPEDA." The Commissioner goes on to say
that the treatment of "workproduct" by the Federal Privacy
Commissioner is not clear, as in the recent decision PIPEDA Case Summary #114,
January 23, 2003 (discussed in Part 1 of this paper) he appears to have treated
video surveillance as a collection of "personal information."

We will have to wait and see how this plays out in front of the British
Columbia Information and Privacy Commissioner and labour arbitrators, but for
the sake of the analysis below, we will proceed on the basis that electronic
data, including e-mails, is personal information.

PIPA prohibits the collection, use and disclosure of personal information
without consent of the individual, express or implied (s. 6). Consent is not
valid (s. 7) unless the purpose of the collection is disclosed (s.10(1)(a)).
This would appear to provide adequate protection to any personal information,
including the collection of electronic data created at work. However, purpose of
collection does not have to be disclosed (s. 10(3)) in circumstances of deemed
consent (s. 8(1)), because the purpose is obvious (s. 8(1)(a)).

So basically an employer can monitor the use of electronic resources for any
"obvious" purpose without the express consent of the employee.
Further, if an organization provides notice that it intends to collect personal
information and the individual does not decline to have the personal information
collected, the collection, use and disclosure, if reasonable, is permitted (s.
8(3)).

Consider the scenario where a warning page that outlines a company’s policy
in regard to the collection of electronic data pops up each time an employee
logs on to a computer. Is this collection valid under PIPA?

What if the above policy screen does not state that one of the purposes for
the collection of the data is to track employee time and that when collecting
and reviewing the data, the employer determines that theft of time has occurred
based on the time spent conducting Internet searches? The employer then proceeds
with discipline and uses the personal information collected as evidence. Would
this be a valid collection and use under PIPA? Implied consent provisions tell
us that this may be so.

Would this fall under section 7(3) which states that consent is not valid if
it is obtained by false or misleading information or deceptive practices? Not
likely if it can be shown that the discovery of the time-theft was incidental.

What if the employer’s policy states that if something is found during a
routine scan that is contrary to policy, it will be acted upon? Would the above
scenario then constitute a valid collection and use of personal information?

Privacy issues with respect to workplace monitoring of electronic resources
will arise most often in discipline cases. PIPA has yet to be applied to the
employment or unionized labour setting. To date we have been unable to find any
court decisions that deal head-on with employer monitoring of e-mail and
Internet use.

As PIPA is modeled on the PIPEDA, it may be useful to begin by examining how
that legislation has been applied.

In Treasury Board (Solicitor General Canada – Correction Service) and
Briar (Re), 116 L.A.C. (4th) 418 several employees were
disciplined for e-mailing pornographic materials. The employees claimed a
privacy interest and a section 8 Charter violation (search and seizure). In
rejecting the employees’ claim, the Board referenced the employer’s
proper-use policies and a clear log-on warning. Further, the employer was acting
on a complaint; it was not a random surveillance. Most interestingly, the Board
stated, "These are e-mail communications over which the grievors lost
control once they pressed "Send"."

The following principles can be taken from this decision:

There is no blanket rule permitting random monitoring.

Employers should have a complaint driven process.

Policies should contain express notice to employees that their e-mail and
Internet use will be monitored.

Internet and e-mail misconduct is the same as any other sort of
misconduct, requiring the examination of the seriousness of the conduct,
connection to the workplace, impact on other employees, written policies and
warnings, and the nature of the workplace.

The following recent example of a situation involving employee monitoring,
shows us how complicated the matter can get.

In January 2004 the ten month computer-use investigation launched by the
Yukon government involving the Public Service Commission and the Public Service
Alliance of Canada/Yukon Employees’ Union was finally resolved. The
investigation cost more than $100,000. The process "spiraled out of
control"and at the end of the investigation, 96 workers had
been punished. The discipline ranged from a letter of reprimand to a 20-day
suspension.

The stated standard was that receipt of just one e-mail containing
objectionable material would lead to investigation. Key points examined were the
nature and volume of the material, the recipients and senders, and the key
distributors.

In the face of numerous grievances and appeals, the parties decided to refer
the matter to Arbitrator Vince Ready and a mediated settlement resolved the
matter. At the end of the day two employees will not get their jobs back.
Suspensions were reduced by more than 50%: 20 day suspensions were reduced to 7,
15 days to 5, 10 days to 3, 5 days to 2, and 1 day to a letter of reprimand.
Letters of reprimand stood.

In British Columbia v. British Columbia Government and Service Employees’
Union (Morris Grievance) [2003] BCCAAA No. 152 (July 9, 2003) the employee
leaked a confidential document in violation of the employers standards. During
the employers investigation a series of e-mails between the grievor and another
individual included "disloyal, derogatory, and defamatory statements"
regarding her supervisor and the manager of the branch (QL page 3). Arbitrator
Ready applied the Wm. Scott principles as the guiding arbitral framework in
determining that the dismissal was excessive, substituting it with a six month
suspension and one-year of probation. Most interestingly, Arbitrator Ready finds
that the derogatory e-mails "were intended to be entirely private" and
that "[m]odern technology has simply documented comments that in previous
times would have been relegated to the "office gossip" category"
(QL page 8).

In Public Service Employees Relations Commission v. B.C.G.E.U. (Bains
Grievance) [2003] BCCAAA No. 197 (June 25, 2003, K.F. Nordlinger), the employee
Bains was terminated from his position as an Auxiliary Correctional Officer for
disclosing confidential information to an inmate that could jeopardize the
safety of another inmate, disclosing a confidential investigation to the officer
who was being investigated and failing to disclose the extent of his
relationship with an inmate. His termination letter stated that his misconduct
was not an aberration and that his ingrained behaviour was antithetical to the
requirements of the job. The employer then stated that this conclusion was
"supported by [his] excessive and inappropriate use of the Government
e-mail system." The misuse involved sending inappropriate jokes to
co-workers and outside addresses, sending personal e-mail to his girlfriend and
sending tasteless and lewd photos and stories. Aside from the inappropriate use
of the e-mail system, the other incidents relied upon were not proven. Thus, the
Arbitrator had to determine the appropriate discipline for the misuse of the
e-mail system.

Seven months prior to confronting Bains with the misuse of the e-mail, the
employer had sent the following e-mail message to all staff:

This is a reminder that the e-mail system is for government-related
business only. I appreciate the need to circulate messages to as wide an
audience as possible and therefore the temptation to use the all-staff
mailing list is convenient. However, this is not an appropriate use of both
the e-mail system nor the mailing list.

The employer’s Internet usage policy stated:

Internet usage must be able to survive public scrutiny and/or disclosure.
Users must avoid accessing sites that might bring the Public Service into
disrepute, such as those that carry offensive material.

In finding that termination was excessive and that Bains should be issued a
written reprimand and reinstated, the Arbitrator considered the following
factors:

Bains had admitted to the inappropriate use and apologized.

A number of other Correctional Officers were receiving and sending many of
the same e-mail, which pointed to a "culture in the workplace"
that continued to thrive despite the Employer’s best efforts.

Another officer with the most similar misusage had received only a written
reprimand.

There was "nothing sinister in the content" of the e-mails.

The e-mails were "innocuous and inane comments of a young man ‘feeling
his oats’ ".

Bains had no discipline record and did not display any attitude problems.

Would it have made any difference to the outcome if the Employer had outlined
the risk of discipline in the policy? Would an analysis of the PIPA been
necessary? We see that there is no discussion of privacy issues.

In Public Service Employee Relations Commission v. BCGEU [1999] BCCAAA
No. 359 (August 9, 1999, H.A. Hope, Q.C.) the employee was given a two-day
suspension for "attempted inappropriate access to the Internet". The
employer’s Internet use policy prohibited access to offensive sites. The
employer’s records showed two hits on inappropriate sites. Claiming curiosity,
the employee looked at a directory called "100 Hot" and
"landed" on two titles, but did not actually access a sex-related
site. The employee had no discipline record. Arbitrator Hope found that the
breach of policy was "technical in nature" and reduced the penalty to
a letter of reprimand.

In Westcoast Energy Inc. v. Communications, Energy and Paperworkers’
Union or Canada, Local 686B [1999] BCCAAA No. 423 (October 1, 1999, K.
Albertini), the employee was terminated for sending four anonymous e-mail
messages to a female employee of the company that were found to be harassing.
Company policy was that Internet and e-mail use was for company business only
and that it was not acceptable to use these services for anything other than
business purposes, both during and outside normal business hours. The female
employee became concerned and a sniffer that could trace transmissions was
installed on her computer. In finding that this case was "borderline"
and that the employee should be reinstated (time missed was recorded as a
suspension and equaled 6 months), the arbitrator considered that the employee
had no discipline record over 24 years of employment, the act of sending
inappropriate messages on the company computer was not as rare as one might
expect, and that the employee had brought a considerable loss of income and
shame upon himself. Letters of apology were a condition of the reinstatement.

In Camosun College v. CUPE Local 2081 [1999] BCCAAA No. 490 (November
15, 1999, Germaine) negative comments about faculty were distributed on a Union
e-mail list of over 100 individuals. The employee was suspended, and upon
completion of an investigation, the employee was dismissed. In upholding the
dismissal, the arbitrator found that the employee had no reasonable expectation
of privacy in the e-mail and that the distribution of the e-mail constituted
insubordination and a breach of the duty of fidelity. The grievor’s
disciplinary record and failed attempts at corrective discipline were factors in
this decision.

In British Columbia Government and BCGEU [1998] BCCAAA No. 535
(November 17, 1998, S. Kelleher, Q.C.) the employee has accessed offensive
websites using the employer’s computer – at home. The employee had agreed to
the employer’s Internet usage agreement:

…I also agree that personal use will not include inappropriate
behaviour such as access to or downloading from offensive sites….I
understand that my use of the Internet is identifiable by others as a
Government activity….I understand that my usage may be monitored without
further warning and that inappropriate usage may be cause for disciplinary
action up to and including dismissal or cancellation of contract.

Arbitrator Kelleher found that the misconduct was serious and that the
one-day suspension was not excessive.

Would the language of the above usage agreement survive a PIPA analysis,
keeping in mind the shift from reasonable expectation of privacy to reasonable
surveillance? In this case, the employee had no expectation privacy but was
subject to blanket monitoring. Would this be reasonable surveillance?

In CUPE, Local 2950 and University of British Columbia [1998] BCCAAA
No. 501 (October 30, 1998, J.E. Dorsey), the employee, a University Archives
Assistant and a computer enthusiast, was suspended for 3 days and conditions on
his use of computers at work were imposed. The University had a web and e-mail
use policy that stated e-mail and Internet accounts were primarily for work, but
allowed personal e-mail use within limits. Prior to going on vacation, it was
agreed that the Systems Division would rebuild his computer, as it had been
"crashing". During the repairs, a large bookmark file (twice the usual
size) was identified and examined. A folder containing links to offensive
websites was found. The employee claimed that it was his son’s folder, as they
shared a computer at home. Through extensive computer investigations, it was
determined that the file was the part of the employee’s personal files that
were brought back and forth from home to work – and installed on his work
computer. There was no evidence that he had accessed or downloaded pornographic
material with the employer’s computers. It was accepted that if the employee
had intended to hide the files before having his computer serviced, he had the
computer savvy to do so. Arbitrator Dorsey found that the employee did not
knowingly include inappropriate links on the employer’s computer and ordered
that the suspension and conditions be removed.

The passage of PIPA was a much heralded event by many who had been
part of the extensive consultative process prior to its drafting. We had
differed from the majority view, in our critical assessment of its value to
employees and unions. These assessments were expressed in our earlier paper on
the topic.

However we should acknowledge that our criticisms have been modified somewhat
by our research, and by discussions we have had with a wide range of colleagues
in preparation for this paper. We are somewhat encouraged in our view of the Act.
We say that because of the prospects of a more rigorous and searching review
of many aspects of employer conduct occasioned by resort to the PIPA reasonableness
standards in complaints or grievances advanced by unions and employees to the
Privacy Commissioner and to arbitrators.